2016 The year in Review

Wow, what a year 2016 has been! While politics and work have had their major ups and downs, I did get a ton of good reading in this year. I figured a great way to wrap up the year would be to go back thru the books and just think about them here. Enjoy.

January 5th – I finished reading “Undeniable: Evolution and the Science of Creation” by Bill Nye. While Bill Nye is at times a pompous ass, this book was very thoughtful and entertaining. His ability to take complex issues and explain them for the average person is a trait he inherited from Carl Sagan. I had started this book in 2015, but finished it in 2016 so I am counting it this year. If you have a scientific mind – read this book.

January 26th – I finished reading “The Comic Book Story of Beer: The World’s Favorite Beverage from 7000 BC to Today’s Craft Brewing Revolution” by Jonathan Hennessey. This is my first full book of 2016. Like a good Pilsner, this book is a light, tasteful read. Like a IPA, it can leave a great buzz in your brain – the buzz of knowledge. And like a nice Stout, you finish the book satisfied. If you’ve not gotten into reading “historical” comics, perhaps this is the one for you. Read it with your favorite beverage in your other hand.

February 4th – My friend Ian Hughes (AKA- ePredator) published his second book in the story of Rosin. “Cont3xt” by ePredator is that book. It is a worthy sequel to his first book – Reconfigure. The story of Rosin continues and immediately expands the universe in a logical manner. What I really like about ePredator’s books is it uses a lot of relevant and current references without naming names, this should allow future readers to enjoy this book too.

February 7th – One of many free ebooks I started reading this year from many lists – “The Wolves of Paris” by Michael Wallace. Cashing in on the werwolf phenom of late, this book is well written, but not really my style. If you like werwolf love stories… this one is for you.

February 15th – I finished Felicia Day’s “You’re Never Weird on the Internet“. I had the great pleasure of meeting Felicia Day at a conference for work many years ago. Her story reminds me of many parts of my own life, except for the home schooling, and the successful internet celebrity. What blew me away was all the trouble that was going on in her life when I met her, that didn’t show in her attitude and public appearances. Reminds me that we are all human. Go read this book!

February 24th – Time for some technical work reading – “The Practice of Network Security Monitoring: Understanding Incident Detection and Response” by Richard Bejtlich. I worked on this book for about a year, as I didn’t really have a need to read it, but had picked it up while I was at RSA in 2015. More of a manual with background than a book to read, but it certainly opened up my eyes on how a SOC must work.

February 27th – While work is hard, having a nice glass of wine is the reward. I read “Reading Between the Wines: With a New Preface” by Terry Theise while traveling overseas. I did a bit more traveling in 2016 than I wanted to, but at least it gave me some time to read. I tend to like red wines, this book got me thinking I should go back and try a few more German white wines.

April 16th – The second of my “free” ebooks for 2016. “Breakers” by Edward W. Robertson. A science fiction novel that took a while to get going, but really enjoyed it in the end. Once the story got past all the exposition, it seemed to kick into a higher gear. May have to check out the rest of the series, which is the reason for giving it away as a free ebook.

May 13th – Another book about wine! So far I’ve had beer and wine this year, and the second book on wine is also a winner. “A Hedonist in the Cellar” Adventures in Wine” by Jay McInerney is a series of essays by the author. While the book was 10 years old, it gave me ideas for new wines to try. Hope I can find a few of them.

May 13th – My second technical book of the year. I was trying to figure out why my OS X Server was not working as I expected, imaging my delight when I found “Take Control of OS X Server” by Charles Edge, JR. The take control series of books are great for getting thru some of the features of a Mac/iOS environment. Highly recommended.

May 30th – Science, I love science! The book “Cosmic Legacy: Space, Time and the Human Mind” by Greg F. Reinking, was a very tough read. I got this book a few years back and kept dipping in and out of it. This year, I promised myself I would read the whole thing thru. I did, and it was well worth it. While I have the hardback version, the link above takes you to it online, where it is now available for free.

June 8th – Back to some mindless fun reading. Another ebook I got this year, was the book “The Kennedy Secret” by Steve Richer. This thriller takes you into a fun conspiracy based on the Kennedy family. And no, it is not real, it’s a fiction.

June 28th – My first re-read of the year. During my travels this year I got to rewatch the movie based on the book “The Big Short: Inside the Doomsday Machine” by Michael Lewis. I had read this book when it first came out. Michael does a great job of explaining the complexity behind the financial meltdown of 2007-2008. If you watched the movie, go read this book!

August 1st – Those who know me, know I love Dragons. Another free ebook was “Rise of Dragons (Kings and Sorcerers, #1)” by Morgan Rice. I got this book and whole slew of other books from Morgan Rice by signing up for her new letter. I have no real memory of actually reading this book. But it is in my GoodReeds tracking. Maybe I will re-read it in 2017 and see if it was any good.

September 1st – I know many people who are huge fans of Neil Gaiman. To be honest, I should be, but I had not remember actually reading any of his prior work before I got this book from my wife as a gift. “The View from the Cheap Seats: Selected Nonfiction” by Neil Gaiman is a series of essays and speeches that Neil Gaiman has given in his life as a writer. Amazing! I now have a list of great books that he has written and that he recommends in these pages. I even picked up a copy of the complete works of Edgar Allen Poe on my iPad to go thru after this.

October 1st – Hmmmm. June to October where crazy busy at work and in life. I didn’t get much time to actually read so It seems that I was able to read another book. This technology / business book by Don Tapscott was “Blockchain Revolution: How the Technology Behind Bitcoin is Changing Money, Business, and the World“. Nope it’s not a pretensive title, I do believe that blockchain has the potential to change a ton of things. My biggest worry about Blockchain is that it will be hijacked by large financial institutions and many of the potential positives that Don and his son talk about in this book will fail to be realized.

October 16th – “Post-Human Series Books 1-4” by David Simpson. This book took me almost a full year to read. No, it wasn’t a bad book, it was a compendium of 4 books, and I really enjoyed it. It is not high art, but for a good pulp about AI and Science Fiction it was enjoyable.

November 12th – “Wild-born (Psionic Pentalogy, #1)” by Adrian Howell. This young adult fiction was a good palette cleanser. The book tells the story about a child who discovers he has telekinetic powers. This discover opened up a whole new world where some people have the power, some people don’t and every one wants to control Adrian.

December 4th – We are getting down to the end of the year and I am getting into some interesting stores. “Evensong (Merits Trilogy #1)” by Krista Walsh is one of those stories. The premise of this book is a typical sword and sorcery story, until the author get’s pulled into the world of their own creation. We now have to deal with the world that being manipulated by the author realizing who he is, and how his powers can be used to fit a few festering problems.

December 16th – I read this book as another free ebook, but it was out of sequence. I have since added all the rest of the series to my reading list. “The Last Firewall (Singularity Series Book 3)” by William Hertling was awesome. William works at HP during the day, and has spent time writing, what I consider, a great book on how Artificial intelligence (or as we call it now – Cognitive technologies) could end up changing humans. As ePredator helped kick off the year of fiction with AR/VR, William helps ended it on Cognitive technologies. Highly recommended.

December 26th – The last book I finished this year is “Black Panther #1” by Ta-Nehisi Coastes. This graphic novel helped me get re-aquinted with Marvel’s Black Panther comic. Incredible art work, and the with Ta-Nehisi writing the storyline, it is much more engaging than many comics lately. Seeing a positive technological perspective of Africa, even if it is a comic, I hope get’s people past their backwards views of other cultures.

As I said when I started this post, it’s been an interesting year. I hope that 2017 is a relaxing / boring year.

Day two of MacWorld/iWorld 2014


The Crowd waiting to get in

Wow.. what a busy day, and yes, I picked up a toy today. The Bass Egg was a kickstarted last year, and after hearing it today and doing a few tests (like placing it on my head), I was amazed and had to buy it. I am listening to a podcast on it right now, and this is the best sound I’ve had on my iPhone. Here’s the setup I am using in the hotel.
The Bass Egg Speaker

The Bass Egg Speaker

I spent the day in sessions, almost non-stop. I tried to tweet out from a few of them. Check out my feed at @michaelrowe01.

The first session was way-way too short. Rich Mogull – CEO of Securosis. You should follow him on twitter at rmogull. I was looking forward to this, but with only 30 minutes for the session, I felt it was more of an overview about how Apple has a Philosophy that focuses on usability, over security, but they have done a really good job of addressing security by default. Also, given the closed nature of the platform, they have the opportunity to enforce some really good practices. He did show how his machine was setup, and there was only one setting that I had not setup the same way. That setting is, when traveling he changes the firewall to Block all incoming requests. (Guess I shouldn’t have mentioned that, and it is changed now.

The second session was a presentation by Robert Scoble & Shel Israel on their new book – The Age of Context. Today you can pick up the ebook version for Kindle for only $1.99. I picked it up and the hard copy book, since it was autographed. This was one of those talks that pump a whole bunch of exciting thoughts and ideas into 45 minutes. I’ve been talking about and thinking about many of these ideas due to my work in my day job around the Internet of Things. Scoble and Shel talked about how all the sensors we have around us are providing a ton of context to our daily lives. It also enables an unbelievable level of pinpoint marketing; however companies are failing to realize this. They also addressed the shift of the freaky line, the point where technology freaks us out. I will make a post after I read the book to describe this talk in more detail.

I skipped the next two sessions I had lined up, since I would not get lunch if I did, and instead I walked the show floor some more. I talked with the guys at Bass Egg, and told them I would probably be back to buy it tomorrow. I also talked to the designers of the everdock. This machined aluminum dock is great for charging two devices at once. What makes it unique is that they use your cables, and have a few rubber/silicon pieces that make it a perfect fit for a iPhone or iPad in a case. You can also use it for non-apple devices. I will probably pick one of these up tomorrow.

I also talked with the team over at extra-life.org. They sponsor the 24 hours of gaming in the fall, but they are promoting year round for people to build up teams to game for 24 hours. This is used to raise money for the Children’s Miracle Network Hospitals. What a great idea, play games to help kids. I recorded a few questions with the people in the booth, and that will be included in my weekly podcast over at GamesAtWork.Biz.

I then ran over to catch the session on the NSA and you. This was a panel discussion that wanted to have questions from the audience; however, once again it was too short. The panel was a great group of security exports, but with a panel of five people there were only 5 questions all from the panel moderator. While the questions were good, it didn’t give the panel much time to provide deep and meaningful answers. So what where the questions and who were the experts:

  • What is the biggest security thing in the last year? The revolution that the NSA has undermined crypto standards, the reach and scope of the data monitoring, the hoarding of zero day vulnerabilities (with no obvious fixes to our own infrastructure), and the legal interpretation of collection that the NSA uses.
  • Why should the average person care about mass surveillance and privacy?They do care, but they are not really cognizant of what is really happening with their data, given that most people are opting in voluntarily without understanding what the picture is that the data is providing would freak us out.
  • Can we trust Apple with our data? While their corporate culture may favor the user’s experience, you are ultimately at risk that an individual in a company could make a mistake and that violates your trust. Individuals should be responsible in what they do and how they segment their data, so while as individuals you can trust a person, you cannot apply that to an enterprise.
  • What can the average person do? This used to be a simple answer – encrypt everything, but now that the NSA has undermined some of the standards, you need to segment your data, encrypt it, and be very aware of what you do or do not share.
  • How do we put pressure on congress? Ultimately, you need to put pressure on congress and companies, money talks and unfortunately those with the most influence the most. So it may be easier to influence companies into pressuring congress. Having said that, Parker indicated that the USA Freedom Act is a good start, and sets a minimum approach in this space.

The experts:

I then got into another good session on using Logic Pro X – given the time constrains Andrea Pejrolo, PhD actually focused on some great new features that Logic Pro X has introduced around quantification, flex pitch, and the new virtual drummer. I learned tons from this, but was hoping to improve things around my editing workflow and that was not to be. I am going to; however, play a bit with flex pitch on a few projects I am working on. So definitely worth it.

More tomorrow!

Apple finishes update to Developer Portal

Last night, as I was checking my email before going to bed, I got a note from Apple that their replace/rebuild of the Developer portal had been completed and all services are working again.  Great news, and hopefully Apple has addressed, not only the security flaws identified by the Turkish researcher, but any fundamental design flaws which could expose other security issues going forward.

The biggest lessons I’ve learned from watching this all unfold is – security is hard.  Steve Gibson (from Spinrite fame) has been recording a long running podcast on security called “Security Now“.  He spends 2 hours, each week, going thru all the latest info on security patches, and describing the underlying design and technology of various protocols, etc. which shows how much you need to know to make truly secure applications.

Years ago, when I was working as a consultant, I wrote a Human Resources system for a home health care management company.  I was asked to make sure that we had an appropriate level of security and could segregate data between managed companies via passwords.  The design was simple.  Within the application, you had to enter a unique company identifier and password for each company’s data.  Simple and somewhat effective, given that the entire application and all of its data resided on a midrange computer that could only be accessed within the companies physical boundaries.  Within 1 month of the application going live, every monitor within the HR department had a nicely printed sticker listing the company identifier and the password for each.  So much for security.

The reason I bring this up is to identify how technology is only as secure as its weakest link.  Kevin Mitnick, shows us in his biography – Ghost in the Wires, that the best hacks are really around social engineering and not technology.  Even Mat Honan’s famous twitter / gmail / icloud hack, was much more a social engineering issue than a technology flaw.

If you are storing sensitive data (however you define sensitive), what are you doing to make your application secure, with out distracting from its functionality?

Security and will Monday see another iOS Beta?

Prior to the security issues on Apple’s site over a week ago, Apple had been on a bi-weekly cadence for iOS and OS X beta releases.  Last Monday, (July 22nd) the developer portal was down while Apple rebuilt the site to address the security issues no iOS beta was reported to be released.  With less than 24 hours to go, will they be in a position to release a beta tomorrow?  What is the impact to the overall release schedule of iOS?  What do you think?

I am hoping that the major progress we’ve seen in the last week on bringing the site back online (while still not complete, many of components are up as of this posting), has allowed Apple to focus back on working on iOS and Mavericks.  Perhaps there are some lessons in all of this for us, as developers, that security can’t be something we think about when we are done developing.  Security is something that needs to be built into our apps from the beginning.

One of my favorite podcasts is Security Now! with Steve Gibson of Gibson Research Company. A few months back, Steve talked about the effort he went thru to retrofit his entire website to https.  I think this is something that is worthwhile to consider for this site.  It is a lot of work , and exposed to him the inter-relationship of so much of our connected world.  At an app level, if you use any third party code, are you sure it is secure?  How do you go about testing for security?

The people who want to expose or exploit security issues in your code, spend much more time testing your application than perhaps you do.  They are not worried about shipping the next release.  They are methodical in how they test, probe, and attack your application.  Perhaps this is the time to start re-thinking your development and test strategy, so that security becomes a first class requirement for all that you do.

More Progress on Apple Site

Great news, last night the 2nd major round of site updates were deployed by Apple. Screen Shot 2013-07-27 at 7.30.57 AM

As you can see the site now lets you get to the developer sites for iOS, Mac, and Safari, along with certificates, and software downloads.  Here’s hoping that we are not far from Apple getting back on track for beta updates!

Security and your Mobile App

There’s an interesting perspective when it comes to mobile apps, people writing games don’t necessarily think about security. Enterprise app developers must consider security in their apps. And if you are developing social apps, security is even more important, there is no faster way to kill a social platform than to violate your users trust and security (unless your name is Facebook).

If you are writing a game, do your players care that they can get in and hack your high scores? Probably not if it is a stand alone game, but if it has leader boards and multiplayer, you don’t want to allow this… it will ruin the game play and lose you gamers.

How do you handle security?